openvpn: three new fuzzers and improved proxy fuzzer (#5979)

* add list fuzzer

* add header file inclusion order.

* added an mroute fuzzer.

* add packet id fuzzer.

* refactor list, mroute and packet_id fuzzers.

* set it up so fgets always returns a string with an ASCII char.

* refactor build script.

* hook fopen and fclose in builtin_console.

1 files changed, 17 insertions, 1 deletions

diff --git a/projects/openvpn/fuzz_header.h b/projects/openvpn/fuzz_header.h
index 2b9ae18f..566baa75 100644
--- a/projects/openvpn/fuzz_header.h
+++ b/projects/openvpn/fuzz_header.h
@@ -25,9 +25,14 @@ ssize_t fuzz_read(int sockfd, void *buf, size_t len){
 	return fuzz_get_random_data(buf, len);
 }
 
+
+
 char *fuzz_fgets(char *s, int size, FILE *stream) {
   ssize_t v = fuzz_get_random_data(s, size-1);
-  if (s[0] == '\0') {
+  // We use fgets to get trusted input. As such, assume we have
+  // an ascii printable char at the beginning.
+  printf("Calling into fgets\n");
+  if (s[0] <= 0x21 || s[0] >= 0x7f) {
     s[0] = 'A';
   }
   s[size-1] = '\0';
@@ -45,3 +50,14 @@ int fuzz_select(int nfds, fd_set *readfds, fd_set *writefds,fd_set *exceptfds, s
 ssize_t fuzz_send(int sockfd, const void *buf, size_t len, int flags) {
   return len;
 }
+
+FILE *fp_p = NULL;
+FILE *fuzz_fopen(const char *pathname, const char *mode) {
+   if (mode == NULL) return fp_p;
+   return fp_p;
+}
+
+int fuzz_fclose(FILE *stream) {
+   if (stream == NULL) return 1;
+   return 2;
+}